larger cover

Add To My Wish List

Register your product to gain access to bonus material or receive a coupon.

Cisco Digital Network Architecture: Intent-based Networking for the Enterprise

eBook (Watermarked)

  • Your Price: $44.15
  • List Price: $55.19
  • Includes EPUB and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    Adobe Reader PDF The popular standard, used most often with the free Acrobat® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

Also available in other formats.

  • Description
  • Sample Content
  • Updates
  • Copyright 2019
  • Dimensions: 7" x 9-1/8"
  • Pages: 300
  • Edition: 1st
  • eBook (Watermarked)
  • ISBN-10: 0-13-472401-1
  • ISBN-13: 978-0-13-472401-0

The complete guide to transforming enterprise networks with Cisco DNA

As networks become more complex and dynamic, organizations need better ways to manage and secure them. With the Cisco Digital Network Architecture, network operators can run entire network fabrics as a single, programmable system by defining rules that span their devices and move with their users. Using Cisco intent-based networking, you spend less time programming devices, managing configurations, and troubleshooting problems so you have more time for driving value from your network, your applications, and most of all, your users.

This guide systematically introduces Cisco DNA, highlighting its business value propositions, design philosophy, tenets, blueprints, components, and solutions.Combining insider information with content previously scattered through multiple technical documents, it provides a single source for evaluation, planning, implementation, and operation.

The authors bring together authoritative insights for multiple business and technical audiences. Senior executives will learn how DNA can help them drive digital transformation for competitive advantage. Technical decision-makers will discover powerful emerging solutions for their specific needs. Architects will find essential recommendations, interdependencies, and caveats for planning deployments. Finally, network operators will learn how to use DNA Center’s modern interface to streamline, automate, and improve virtually any network management task.

·         Accelerate the digital transformation of your business by adopting an intent-based network architecture that is open, extensible, and programmable

·         Integrate virtualization, automation, analytics, and cloud services to streamline operations and create new business opportunities

·         Dive deep into hardware, software, and protocol innovations that lay the programmable infrastructure foundation for DNA

·         Virtualize advanced network functions for fast, easy, and flexible deployments

·         Translate business intent into device configurations and simplify, scale, and automate network operations using controllers

·         Use analytics to tune performance, plan capacity, prevent threats, and simplify troubleshooting

·         Learn how Software-Defined Access improves network flexibility, security, mobility, visibility, and performance

·         Use DNA Assurance to track the health of clients, network devices, and applications to reveal hundreds of actionable insights

·         See how DNA Application Policy supports granular application recognition and end-to-end treatment, for even encrypted applications

·         Identify malware, ransomware, and other threats in encrypted traffic 

Sample Pages

Download the sample pages (includes Chapter 1)

Table of Contents

Foreword xxxiv

Introduction xxxvi

Part I Introduction to DNA

Chapter 1 Why Transform Your Business Digitally? 1

Opportunities and Threats 1

Digitally Transforming Industries 3

    Digital Advertising 3

    Digital Media and Entertainment 3

    Digital Finance 4

    Digital Communications 4

    Digital Transportation Services 5

Digitally Transforming Businesses 7

    Transforming the Customer Experience 8

    Transforming the Employee Experience 11

    Transforming Business Operations 14

Driving Digital Transformation with the Internet of Things 16

Are You Ready? 17

Summary 18

Further Reading 18

Chapter 2 The Business Value of DNA 19

Business Requirements of the Network Architecture 19

    Cost Reduction 20

    Risk Mitigation 20

    Actionable Insights 21

    Business Agility 22

Intent-Based Networking 23

Business Value of Cisco Digital Network Architecture 24

    Reducing Costs Through Automation, Virtualization, and Programmable Hardware 25

    Mitigating Risks with Integrated Security and Compliance 26

    Revealing Actionable Insights Through Analytics 26

Accelerating Business Agility Through Open APIs 26

Adding It All Up 28

Summary 29

Further Reading 29

Chapter 3 Designing for Humans 31

Technology Versus User-Experience 31

Design Thinking Philosophy and Principles 33

Cisco Design Thinking Framework 34

    Discover Phase 35

    Define Phase 37

    Explore Phase 39

The Cisco Design Thinking Journey for DNA 40

    DNA Discovery Phase 41

    DNA Definition Phase 49

    DNA Exploration Phase 53

Summary 53

Further Reading 54

Chapter 4 Introducing the Digital Network Architecture 55

Requirements for DNA 56

    Requirements to Reduce Complexity and Costs 57

    Requirement to Increase Operational Flexibility 58

    Security and Compliance Requirements 59

    Cloud-Enablement Requirement 60

Architectural Principles 60

    Openness 61

    Extensibility 62

    Programmability 62

    Policy-based Networking 63

    Security 63

    Software Driven 64

    Cloud Integrated 65

    Conflicting Principles? 65

Overview of the DNA Components 66

    Infrastructure 66

    Automation 73

    Analytics Platform 77

    The Role of the Cloud in DNA 80

    Connecting the Building Blocks: APIs 83

Outcomes 84

Summary 85

Further Reading 86

Chapter 5 The Digital Network Architecture Blueprint 87

DNA Services 88

    DNA Services–Transport 90

    DNA Services–Policy 91

    Relationship Between DNA Policies and Business Intent 92

DNA Infrastructure 93

    Transport Functions 94

    Supporting Network Functions 96

    Fabrics 98

Automating DNA–Controllers 99

    Automating Transport and Network Functions Infrastructure 99

    Maintaining a View of the Infrastructure Functions and Connected Endpoints 100

    Instantiating and Maintaining DNA Services 100

    Relationships in DNA: Revisiting Domains, Scopes, and Fabrics 102

    DNA Interfaces 105

Service Definition and Orchestration 107

    Relationship Between the Controllers and the Service Definition and Orchestration Component 110

Analytics Platform 112

    Data Collection 113

    Data Extraction 113

    Data Ingestion 114

    Data Export 114

On-Premises and Off-Premises Agnosticism–Revisiting the Cloud 115

    Application Hosting in the Cloud and the Evolution of the DMZ 116

    Leveraging the Cloud for DNA Controllers and Analytics 118

Summary 120

Part II DNA Programmable Infrastructure

Chapter 6 Introduction to DNA Infrastructure 123

Picturing the Modern Network 124

Exploring DNA Infrastructure 125

The Evolving Network, and Why It Matters 126

    Requirements: The Need for Change 126

    Requirements: The Need for Speed (of Change) 127

    Requirements: The Need for Simplicity 128

    Requirements: The Need for Continuity 129

DNA Infrastructure Solutions 130

    Flexible Hardware 130

    Flexible Software 131

    New and Evolving Protocols 132

    The Emergence of Virtualization 133

Bringing It All Together 133

Summary 134

Chapter 7 Hardware Innovations 135

The Importance of Hardware in a Software-Defined World 135

The Making of a Chip 136

    Delving Deeper: How Chips Are Designed and Built 136

    Drivers of Chip Design and Density 143

    When Good Chips Go Bad: What Can Go Wrong in Chip Design 145

    When Good Chips Need to Get Better: Designing the Next Generation 146

    Now We Speak the Same Language! 147

What’s Happening in the World of Networks 148

How Traditional Network ASICs Process Packets 149

Traffic Handling with CPUs and FPGAs 150

Introducing Flexible Silicon 152

Flexible Switching Silicon: UADP 154

    UADP Use Cases–Current, and Future 163

    UADP–Summing Up 172

Flexible Routing Silicon: QFP 173

    QFP–An Introduction 174

    QFP–Diving Deeper 176

    QFP–Use in Platforms 180

UADP and QFP–Summing Up 181

Wireless: Providing Innovation for Mobility 182

    Flexible Radio Assignment 183

    Intelligent Capture 185

Summary 186

Further Reading 187

Chapter 8 Software Innovations 189

The Importance and Evolution of Networking Software 189

Cisco IOS: Origins and Evolution 190

    Evolution of the Cisco IOS Data Plane 191

    Evolution of the Cisco IOS Control Plane 194

    Evolution of the Cisco IOS Management Plane 195

Evolution of Cisco Networking Software 196

The Evolution of Cisco IOS to IOS XE 198

Cisco IOS XE in a Nutshell 199

Cisco IOS XE: Delving Deeper 201

    IOS XE Subsystems 202

    IOS XE Database 203

    Container Framework and Application Hosting 205

Cisco IOS XE: Bringing It All Together 207

    Cisco IOS XE: Simplification with a Single Release Train 209

    Cisco IOS XE: Software Maintenance Upgrades 209

Cisco IOS XE: Platform Support 212

Cisco IOS XE: Summary 213

Protecting Platforms and Networks: Trustworthy Systems 214

    Trustworthy Systems: An Overview 215

    Attack Mitigation with Trustworthy Systems 216

    Defense: Image Validation and Signing 217

    Defense: Runtime Defenses 217

    Defense: Secure Boot 218

    Ensuring Device Identity with the Secure Unique Device Identifier 220

    Cisco Secure Boot and Trust Anchor Module: Validating the

    Integrity of Software, Followed by Hardware 221

The Move to Intuitive Networking 222

Summary 223

Further Reading 223

Chapter 9 Protocol Innovations 225

Networking Protocols: Starting at the Bottom with Ethernet 226

    Power Protocols: Power over Ethernet, to 60 Watts and Beyond! 227

    The Future of Power over Ethernet 230

    Multiple-Speed Protocols over Copper: Multigigabit Ethernet, Squeezing More Life Out of Existing Cabling Infrastructures 230

    25G Ethernet–The New Kid on the Block 234

    Ethernet Evolving: This Is Not Your Father’s Ethernet! 235

Moving Up the Stack 235

    Networking Protocols: Moving Up the Stack to Layer 2 235

    Networking Protocols: Moving Up the Stack to Layer 3 237

    Networking Protocols Today: Summary 242

Networking Protocols for the New Era of Networking 242

    VXLAN: A Next-Generation Encapsulation Technology 243

    IS-IS: The Evolution of Underlay Routing 249

    LISP: The Evolution of Overlay Host Reachability 249

    Scalable Group Tags: The Evolution of Grouping and Policy 257

    Bringing It All Together: What Next-Generation Protocols Within the Network Allow Us To Build 264

Summary 264

Further Reading 265

Chapter 10 DNA Infrastructure–Virtualization 267

Benefits of Network Function Virtualization 268

    CAPEX Benefits of NFV 268

    OPEX Benefits of NFV 270

    Architectural Benefits of NFV 271

Use Cases for Network Function Virtualization 272

    Control Plane Virtualization 272

    Branch Virtualization 274

    Virtualization to Connect Applications in VPCs 275

    Virtualization of Multicloud Exchanges 276

Overview of an NFV System Architecture 278

    Hypervisor Scheduling and NUMA 281

    Input/Output Technologies for Virtualization 283

Challenges and Deployment Considerations of Network Function Virtualization 289

    Performance 289

    Oversubscribing the Physical Hardware Resources 290

    Optimizing Server Configurations 290

    Selecting the Right I/O Technique 291

    VNF Footprint Considerations 292

    Multi-tenancy and Multi-function VNFs 293

Transport Virtualization 296

    Network Segmentation Architecture 297

    Policy-based Path Segmentation 299

    Control Plane—based Segmentation 302

Summary 305

Chapter 11 DNA Cloud 307

Introduction to the Cloud 308

    Cloud Service Models 311

    Cloud Deployment Models 312

    It’s a Multicloud World! 313

DNA for the Cloud 315

    DNA Cloud for Applications 316

    DNA Cloud for Automation 318

    DNA Cloud for Analytics 319

Summary 323

Further Reading 323

Part III DNA Automation

Chapter 12 Introduction to DNA Automation 325

Why Automate? 325

    Reduce Total Cost of Ownership 326

    Lower Risk 326

    Move Faster 328

    Scale Your Infrastructure, Not Your IT Department 328

    Think “Out of the Box” 329

    Simplify Like Never Before 330

    Enable Applications to Directly Interact with the Network 330

Is DNA Automation the Same as SDN? 330

    Centralized Versus Distributed Systems 331

    Imperative Versus Declarative Control 331

    The Cisco SDN Strategy 332

Automation Elements 332

    Network Programmability 332

    Network Controller 333

    Network Orchestrator 334

Summary 335

Further Reading 336

Chapter 13 Device Programmability 337

Current State of Affairs 338

    CLI Automation 338

    SNMP 340

Model-Based Data 340

    YANG 341

Protocols 344

    Encoding 345

    Network Protocols 346

    NETCONF 347

    RESTCONF 350

    gRPC 351

Telemetry 352

    gRPC Telemetry 353

Tools 354

Application Hosting 357

Summary 359

Further Reading 359

Chapter 14 DNA Automation 361

The Increasing Importance of Automation 362

    Allow the Network to Scale 363

    Reduce Errors in the Network 363

    Time to Perform an Operation 363

    Security and Compliance 364

Current Impediments to Automation 364

Classifying Network Automation Tasks 367

    Infrastructure and DNA Service Automation 368

    Standard and Nonstandard Automation Tasks 369

The Role of Controllers in DNA Automation 371

    Leveraging Abstractions in DNA to Deliver Intent-Based Networking 372

    Domain Controllers Versus Control Plane Protocols 375

Automating Your Network with Cisco DNA Center 377

    DNA Center Basics 377

    Day 0 Operations–Standardizing on Network Designs 382

    Standardizing on Network Designs 388

    Automating the Deployment of Network Elements and Functions 390

    Day N Operations–Automating Lifecycle Operations 394

Summary 395

Further Reading 396

Part IV DNA Analytics

Chapter 15 Introduction to DNA Analytics 397

A Definition of Analytics 397

DNA Analytics 398

    DNA Analytics, Opportunities and Challenges 399

Brief History of Network Analytics 400

Why DNA Analytics? 401

The Role of Network Analytics in DNA 402

Summary 404

Chapter 16 DNA Analytics Components 405

Analytics Data Sources 405

DNA Instrumentation 407

Distributed Network Analytics 408

Telemetry 411

    Why Telemetry? 412

    The DNA Telemetry Architecture 413

    Limitations of Today’s Telemetry Protocols 413

    The Evolution of DNA Telemetry: Model-Driven Telemetry 414

Analytics Engine 416

    The Traditional Analytics Approach 416

    The Need for Analytics Engines 418

The Role of the Cloud for Analytics 420

Summary 422

Further Reading 422

Chapter 17 DNA Analytics Engines 423

Why a DNA Analytics Engine? 425

DNA Analytics Engines 427

Cisco Network Data Platform 428

    Telemetry Quotient 430

    NDP Architecture 430

    NDP Deployments Modes 436

    NDP Security and High Availability 438

Cisco Tetration Analytics 439

    It’s All About Quality of Data 440

    Data Center Visibility with Cisco Tetration Analytics 442

    Cisco Tetration Analytics Architecture 444

    The Benefits of Cisco Tetration Analytics 446

Summary 448

Further Reading 449

Part V DNA Solutions

Chapter 18 DNA Virtualization Solutions: Enterprise Network Functions Virtualization and Secure Agile Exchange 451

The Cisco Strategy for Virtualization in the Enterprise 452

Cisco Enterprise Network Functions Virtualization 453

    Details on Virtualization Hardware 455

    NFVIS: An Operating System Optimized for Enterprise Virtualization 459

    Virtualized Network Functions 463

    Service Chaining and Sample Packet Flows 468

    Orchestration and Management 473


Virtualizing Connectivity to Untrusted Domains: Secure Agile Exchange 488

    Motivation for the Cisco SAE Solution 489

    Cisco SAE Building Blocks 492

Running Virtualized Applications and VNFs Inside IOS XE 493

Summary 496

Further Reading 496

Chapter 19 DNA Software-Defined Access 497

The Challenges of Enterprise Networks Today 497

Software-Defined Access: A High-Level Overview 499

SD-Access: A Fabric for the Enterprise 500

    What Is a Fabric? 500

    Why Use a Fabric? 501

    Capabilities Offered by SD-Access 505

    SD-Access High-Level Architecture and Attributes 512

    SD-Access Fabric Capabilities 515

    SD-Access Device Roles 518

SD-Access Case Study 542

    SD-Access Case Study, Summing Up 565

Summary 565

Further Reading 567

Chapter 20 DNA Application Policy 569

Managing Applications in DNA Center 570

    Application Registry 570

    Application Sets 574

    Application Policy 576

What Happens “Under the Hood”? 585

Translating Business Intent into Application Policy 586

DNA Infrastructure Software Requirements for Application Policy 589

    NBAR2 589

    SD-AVC 599

DNA Infrastructure Platform-Specific Requirements for Application Policy 601

    Routing Platform Requirements 602

    Switching Platform Requirements 613

    Wireless Platform Requirements 621

Summary 628

Further Reading 629

Chapter 21 DNA Analytics and Assurance 631

Introduction to DNA Assurance 631

    Context 633

    Learning 638

The Architectural Requirements of a Self-Healing Network 639

    Instrumentation 640

    Distributed On-Device Analytics 641

    Telemetry 642

    Scalable Storage 643

    Analytics Engine 643

    Machine Learning 644

    Guided Troubleshooting and Remediation 645

    Automated Troubleshooting and Remediation 645

DNA Center Analytics and Assurance 647

    Network Data Platform 647

    DNA Assurance 653

Summary 710

Further Reading 710

Chapter 22 DNA Encrypted Traffic Analytics 711

Encrypted Malware Detection: Defining the Problem 712

Encrypted Malware Detection: Defining the Solution 714

    ETA: Use of IDP for Encrypted Malware Detection 714

    ETA: Use of SPLT for Encrypted Malware Detection 715

Encrypted Malware Detection: The Solution in Action 716

Encrypted Malware Detection: Putting It All Together 719

Summary 720

Part VI DNA Evolution

Chapter 23 DNA Evolution 721

9781587147050   TOC   11/19/2018 

Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Cisco Press products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by Cisco Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive:

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020